A new cybersecurity investigation has revealed that certain free consumer applications may be quietly transforming smart TVs and other connected devices into residential proxy nodes, allowing third parties to conduct large-scale web scraping activities through users’ home internet connections.
The research focuses on a software development kit (SDK) distributed by data collection company Bright Data, which is embedded in some consumer applications. According to security researchers, the technology enables participating devices to relay internet traffic for commercial web scraping operations, including services marketed to artificial intelligence companies.
Researchers Uncover Residential Proxy Infrastructure
Bright Data, known for operating one of the world’s largest residential proxy networks, advertises access to hundreds of millions of residential IP addresses globally. The company states that a portion of these IPs comes from users who voluntarily opt in through applications that include its SDK.
However, researchers from Include Security and independent analyst Buchodi have raised concerns about how the technology functions in practice. Their findings suggest that internet traffic generated through the network appears to originate from users’ home connections rather than from the organizations conducting the scraping activities.
This means a household’s internet service and bandwidth could be used to access websites on behalf of external customers without the traffic being directly associated with those customers.
Why Smart TVs Are Attractive Targets
Among connected devices, smart televisions present a particularly attractive environment for residential proxy operations.
Unlike smartphones or laptops, smart TVs are often connected to power continuously, remain online for long periods, and typically operate on high-speed home internet connections. Because they are rarely monitored closely by users, they can function as reliable relay points for network traffic with little visibility.
Researchers noted that while the deepest technical analysis focused on the iOS version of the SDK, public documentation and partner information indicate support for multiple device ecosystems, including smart TV platforms.
Security Analysis Reveals Weak Authentication Controls
According to the report, the SDK communicates with remote servers that assign internet tasks to participating devices. Once connected, those devices can be instructed to retrieve content from external websites using the user’s own internet connection.
Researchers claim that the communication channel responsible for delivering these instructions lacks robust authentication protections, potentially creating security concerns.
The investigation also found that on Apple devices, some SDK-generated traffic could bypass configured VPN services. In addition, portions of the activity may not appear in traditional monitoring tools commonly used by security teams.
The report further states that background operations can continue even when users are actively using their devices, provided battery conditions meet predefined thresholds.
Questions Raised Over User Consent
A major focus of the research centers on whether users fully understand the extent of the network activity they are authorizing.
In one example cited by researchers, a consumer application informed users that their device and internet connection would be used only occasionally. However, configuration settings allegedly allowed significantly higher levels of network traffic than the wording suggested.
The analysis found that some regional configurations permitted extremely large monthly traffic allocations, while certain settings allowed operations to continue until devices reached very low battery levels.
Researchers also reported that the SDK could associate multiple devices linked to the same user account, potentially treating phones, computers, and other connected hardware as a single participant within the network.
AI Industry Demand Driving Residential Proxy Growth
The use of residential proxy networks is not a new concept, but growing demand from artificial intelligence companies has increased the commercial value of these services.
Modern anti-bot systems deployed by website security providers often block requests originating from datacenter infrastructure. As a result, organizations seeking to collect publicly available web data increasingly rely on residential IP addresses that appear more like normal user traffic.
This trend has fueled demand for proxy networks capable of routing requests through consumer internet connections.
Industry observers note that while criminal botnets often hijack devices without permission, commercial residential proxy providers typically operate under an opt-in model. The central debate now revolves around whether consent disclosures provide enough transparency for users to make informed decisions.
Platform Operators Tighten Restrictions
The growing scrutiny surrounding proxy-based SDKs has prompted several major technology companies to strengthen platform policies.
Recent reports indicate that companies including Google, Amazon, and Roku have introduced restrictions targeting background proxy software. As a result, some residential proxy technologies have faced limitations or removal from certain platforms.
Despite these changes, researchers noted that support for other smart TV operating systems remains available through some industry partnerships.
How Users Can Protect Their Networks
Cybersecurity experts recommend monitoring home networks for unusual traffic patterns and reviewing the permissions granted to free applications.
Users concerned about residential proxy activity can block known SDK communication domains using network-level filtering tools such as DNS filtering platforms or advanced router security controls.
Organizations managing employee-owned devices should also consider reviewing installed applications and monitoring for software that includes proxy-networking components.
Experts caution that network indicators and connection methods may evolve over time, making continuous monitoring an important part of maintaining visibility into device activity.
Growing Privacy and Security Concerns
The findings highlight broader concerns surrounding data collection, transparency, and internet resource sharing in the rapidly expanding AI ecosystem.
As demand for web-sourced data continues to rise, cybersecurity researchers expect increased scrutiny of residential proxy networks and the methods used to recruit consumer devices. The debate is likely to focus on user awareness, informed consent, and the balance between commercial data collection practices and consumer privacy rights.
